Intel bought McAfee so it could bring antivirus and intrusion detection closer to the chip, and with DeepSafe – a technology that CEO Paul Otellini previewed at Intel Developer Forum in San Francisco this week – the company will be making good on that promise.
DeepSafe will put some of the antivirus code underneath the operating …

COMMENTS

Here we go again

If virtualisation was the answer, malware would have been killed off when PC operating systems started using protected mode to confine apps within user space. Experimentally, this does not appear to have been the case.

Expect a new generation of "virtual rootkit" to appear in a year or so's time.

That will be fun

A vector that (if they don't design it correctly) could allow the rootkit to be undetectable to all OSes installed later, on supposedly bare metal. Now who would benefit from that? Crooks, spies, OS vendors with few scruples.

Could we be on the brink of one of the most momentous shoot-self-in-foot moments in IT history? Oops, let me correct that: shoot end user.

... Here we go again

no macho DeepSafe ... It's Two orphans to get rid of ... MeeGo and $7.7-bn McAfee

This is no macho DeepSafe Mumbo Jumbo

It's Two orphans to get rid of ... MeeGo and $7.7-bn McAfee

When people were just not getting out of the narrow thinking that McAfee was for Intel CPUs, I kept shouting that McAfee was for MeeGo, cuz most viruses are x86 native. Android, though x86 compatible, is running only on Intel-TV x86 hardware. So MeeGo, if run on x86-Atom smartphones... x86 viruses will bleed it like a slaughtered pig. Now Intel has two products to get rid of ... MeeGo and $7.7-bn McAfee. This DeepSafe Mumbo Jumbo is to keep ppl's attention away... and btw how will this macho hardwired DeepSafe keep pace to identify ever new arriving threats/definitions !?!

Embed DeepSafe within KVM?

Anti-competitive?

> "DeepSafe will be the foundation of a number of different enterprise security products that the McAfee unit will roll out"

I may be missing a point here, but at first glance does it seem that to get maximum benefit from the DeepSafe protection, a user would need to run the McAfee security / AV / whatever / software, thereby excluding other AV vendors?

Thus

McAfee bloatware would infect my machine from the firmware up, not merely from Windows registry on up.

I suppose I'll be learning all about EFI scripting and programming and runlevels.

Not that I *want* to.

I cannot understand why Intel would give a damn about this kind of security - Intel makes processors... other people (mebbe that Blue Pill lady) can come up with better virt sol'ns than spamming McAfee into the firmware.

I think that's rooted machines

No

BIOS is pretty hard to program. (U)EFI however is programmable in C using widely available docs and static link libraries. So Intel sees a way to save us from its processors, whose (U)EFI legs are spread wide, inviting penetration.

I worked on DEC Alpha boxes once. They had a 'BIOS' with capabilities exceeding (U)EFI. But not just anyone could slip into the (U)EFI, it was held in some protection.

Linux?

Did you take the red or blue pill?

But how will this magic software know it's not already running atop a compromised machine, and is in fact on the bare metal as the first 'visor in the stack? And why won't the same 'force self to the bottom' technique work for malware?

This has potential

Intel just want to sell more new chips.

But this does give users hope of better security, only if done right. If they manage to keep the hypervisor tiny it will be much more difficult to attack. Just as it would be more difficult to find a vulnerability in a Hello World program compared to Flash.